Monday, February 24th, 2020: The RSA Conference 2020 only kicked off a few hours ago, but Microsoft has gone ahead and provided their RSA Book of News, detailing the announcements they will be making at this year’s Conference. From passwordless authentication support for hybrid cloud environments to dozens of new connectors and integrations across their security products, there is no shortage of new advancements to follow.
Microsoft RSA Announcements
Microsoft Insider Risk Management
Moving one step beyond the existing compliance tools in Cloud App Security and Azure Information Protection, Microsoft’s new Insider Risk Management platform leverages AI and machine learning to identify risky behavior from your organization’s employees, ranging from anomalous behavior like large file downloads to potentially harassing language. Additionally, it is able to operate on anonymized usernames, meaning that compliance managers can investigate without accidentally disclosing private information.
Microsoft Threat Protection
We’ve covered this one in depth, but Microsoft Threat Protection continues to advance. Microsoft Threat Protection gives SecOps teams the ability to view threats at an incident level, linking together signals from across multiple platforms to provide a simplified approach to hunting and reporting. Additionally, MTP can self-heal compromised user identities, endpoints and mailboxes, allowing security teams to focus on strategic projects. While many of these features have been available in private preview, Microsoft is announcing broader availability at RSA 2020.
More platforms in Microsoft Defender ATP
Following December’s announcements regarding Microsoft Defender ATP for Mac, it is not surprising to find that they continue to expand the number of other operating systems that can be protected by Microsoft Defender. Newly announced Linux distros supported in public preview now include RHEL 7+, Ubuntu 16 LTS or higher, Debian 9, Oracle EL, CentOS Linux 7+, and SLES 12+. Microsoft is also announcing new mobile security capabilities they expect to deliver in 2020.
Azure Sentinel Matures
Azure Sentinel, Microsoft’s security information and event management (SIEM) solution released last September, is also getting a number of improvements announced. Most exciting is the new Microsoft Security Center for IoT connector, making Sentinel the only SIEM with native IoT support. Other connectors include Zimperium, Quest, CyberArk, and Squandra.
Aside from connectors, there are also a number of new resources. Microsoft is announcing a rewards program for community contributions that is intended to drive the creation of dashboards, workflows and notebooks for advanced hunting scenarios.
Import AWS CloudTrail logs to Azure Sentinel for free! From February 24th, 2020 to June 30th, 2020, new and existing Azure Sentinel customers can import AWS CloudTrail logs at no charge!
Azure Security Center for IoT
In addition to the new Azure Sentinel connector, Azure Security Center for IoT is extending support to Azure real-time operating systems, in addition to the existing Linux and Windows 10 IoT Core support. ASC for IoT is also announcing new partner connectors for vendors including SecuriThings, FireDome, CyberX, CyberMDX, and Attivo, allowing security teams to protect managed and unmanaged IoT devices from a single unified location.
Passwordless Authentication in Hybrid Environments
Back at Inspire, Microsoft officially announced the preview of passwordless authentication in cloud environments. However, lack of support for hybrid environments was a blocker for over 90% of customers. Starting this week, the preview of passwordless authentication for organizations using FIDO2 security keys on Hybrid Azure Active Directory-joined Windows 10 devices will be expanded tenfold. The growing integration has been tested with devices from Yubico, HID Global, Feitian, eWBM, Ensurity and AuthenTrend. Read the documentation to see how it works.
Endpoint Control for Unsanctioned Cloud Applications
Microsoft is also announcing an integration between their cloud access security broker and endpoint protection tools. By integrating Microsoft Cloud App Security (MCAS) with Microsoft Defender ATP, customers gain endpoint-based access control enforcement and the ability to block the upload of sensitive files to unsanctioned cloud apps. In environments with both tools deployed, enabling the configured policies is a single switch.
Campaign Views and Compromise Detection now GA
Campaign Views, announced in public preview back in November, is now generally available. Campaign Views gives SecOps teams an “all-encompassing” view of email attack campaigns affecting their organizations, along with the ability to very easily identify vulnerable users or the configuration errors that allow campaigns to succeed. Since entering preview, compromise detection and response has allowed organizations to detect and recover from compromised accounts with activity-based anomaly alerting and automatic investigation features. Anomaly detection has also been expanded to identify suspicious inbox rules that look to forward or delete sensitive data.
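To make the inbox-rule detection described above concrete, here is an added example (not Microsoft's code, and not how the product implements it) that scores mailbox rule-creation audit records for the same traits: forwarding or redirecting mail outside the organization, deleting matching messages, hiding them in rarely-viewed folders, and filtering on finance or security-related subjects. The record layout (an `Operation` plus a list of `Name`/`Value` parameters), the folder list, subject keywords and the scoring weights are assumptions for illustration, and the sample records are constructed.

```python
"""Score inbox-rule audit records for forwarding/deletion behaviour.

Added example: the record shape, parameter names, weights and word lists
are assumptions modelled on Exchange inbox-rule parameters, not a product API.
"""
import json

# Parameters that send copies of mail outside the mailbox (assumed names).
EXFIL_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
# Folders commonly used to keep mail out of the owner's sight (assumption).
HIDE_FOLDERS = {"rss subscriptions", "rss feeds", "deleted items",
                "junk email", "archive"}
# Subject terms that often mark finance or security traffic (assumption).
SUSPICIOUS_SUBJECT_TERMS = ("invoice", "payment", "wire", "password",
                            "security alert")

# Constructed sample audit records; not real data.
SAMPLE_AUDIT = [
    {"Operation": "New-InboxRule", "UserId": "alice@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "archive@attacker-mail.example"},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "Receipts"},
                    {"Name": "MoveToFolder", "Value": "Receipts"},
                    {"Name": "FromAddressContainsWords", "Value": "orders@shop.example"}]},
    {"Operation": "Set-InboxRule", "UserId": "carol@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "Team copy"},
                    {"Name": "RedirectTo", "Value": "dave@contoso.example"}]},
    {"Operation": "New-InboxRule", "UserId": "erin@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "..."},
                    {"Name": "SubjectContainsWords", "Value": "security alert"},
                    {"Name": "MoveToFolder", "Value": "RSS Subscriptions"}]},
]


def rule_parameters(record):
    """Flatten the Name/Value parameter list into a dict of strings."""
    return {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}


def is_internal(address, org_domain):
    """True when the address belongs to the organization's own domain."""
    return address.strip().lower().endswith("@" + org_domain.lower())


def score_rule(record, org_domain):
    """Return (score, reasons) for one rule creation/modification record."""
    if record.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
        return 0, []
    params = rule_parameters(record)
    score, reasons = 0, []
    # Forwarding or redirecting to any address outside the org: strongest signal.
    for name in EXFIL_PARAMS:
        targets = [t.strip() for t in params.get(name, "").split(";") if t.strip()]
        external = [t for t in targets if not is_internal(t, org_domain)]
        if external:
            score += 3
            reasons.append(f"{name} sends mail outside {org_domain}: {', '.join(external)}")
    # Deleting or hiding the matched mail keeps the owner from noticing.
    if params.get("DeleteMessage", "").lower() == "true":
        score += 2
        reasons.append("matching messages are deleted")
    if params.get("MoveToFolder", "").lower() in HIDE_FOLDERS:
        score += 2
        reasons.append(f"matching messages moved to '{params['MoveToFolder']}'")
    # A subject filter on money or security terms narrows the rule to what matters.
    subject = params.get("SubjectContainsWords", "").lower()
    hits = [t for t in SUSPICIOUS_SUBJECT_TERMS if t in subject]
    if hits:
        score += 1
        reasons.append(f"subject filter targets: {', '.join(hits)}")
    return score, reasons


def suspicious_rules(records, org_domain, threshold=3):
    """Return findings for every record whose score meets the threshold."""
    findings = []
    for rec in records:
        score, reasons = score_rule(rec, org_domain)
        if score >= threshold:
            findings.append({"user": rec.get("UserId"),
                             "rule": rule_parameters(rec).get("Name", ""),
                             "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_rules(SAMPLE_AUDIT, "contoso.example"):
        print(json.dumps(finding, indent=2))
```

Run against the constructed records, the rule that forwards externally and deletes is flagged with the highest score, the one that parks "security alert" mail in RSS Subscriptions crosses the threshold on the hide-plus-subject combination alone, and the internal redirect and ordinary "Receipts" filing rule score zero. Tuning the threshold and the word lists to your own tenant's traffic is the main design choice; the external-forward check is the one most worth alerting on by itself.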